Axis2 ships with a module based on Apache WSS4J that provides WS-Security, called Rampart. This document describes how to engage and configure the Rampart module.
Introduction
When the Rampart module is engaged it inserts its handlers into the system-defined Security phase, so it acts on every message that passes through that phase. These handlers are configured with WS-SecurityPolicy [2] together with Rampart-specific policy assertions. Rampart 1.0 was configured through two Axis2 parameters; that configuration mechanism is still supported in Rampart 1.1.
Rampart 1.1 download: http://www.apache.org/dyn/closer.cgi/ws/rampart/1_1
First, the following line must be added to axis2.xml to engage the module:
<module ref="rampart"/>
When Axis2 is deployed in a servlet container such as Tomcat, the module can also be engaged from the web administration console.
On the server side, security is enabled per service; the configuration parameters go into that service's services.xml.
On the client side, the configuration parameters are set in the axis2.xml of the client's Axis2 repository.
Rampart-1.1 configuration
Rampart-specific assertions
Rampart uses the standard WS-SecurityPolicy [2] assertions and also defines assertions of its own.
XSD for the Rampart-specific assertions: http://ws.apache.org/axis2/modules/rampart/1_1/sec-conf/rampart-config.xsd
ramp:RampartConfig must be present as a top-level assertion, as in http://ws.apache.org/axis2/modules/rampart/1_1/sec-conf/sample-policy.xml
Service configuration
A service is configured by adding a policy element to its services.xml. A usable example services.xml:
http://ws.apache.org/axis2/modules/rampart/1_1/sec-conf/sample-services.xml
Client configuration
On the client side a Policy object must be created and set on the client Options. The Policy object can be built from a policy.xml file as follows:
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.Options;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

// Creating the Policy object from the policy.xml file
StAXOMBuilder builder = new StAXOMBuilder(pathToPolicyfile);
Policy clientPolicy = PolicyEngine.getPolicy(builder.getDocumentElement());
// Setting the object on the client Options
Options options = new Options();
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, clientPolicy);
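The snippet above only builds the Policy and stores it in the Options; the message is still sent unsecured unless the client also runs from a repository that contains the Rampart module and engages it. The following complete client is an added example for this page, not code from the Rampart distribution. The repository path, policy file path, endpoint, WS-Addressing action and payload namespace are assumptions, and the QName form of engageModule is the Axis2 1.1 signature (later Axis2 releases take a String).

```java
import javax.xml.namespace.QName;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

/** Added example client for Rampart 1.1; all paths and names below are assumed. */
public class SecureClient {

    public static void main(String[] args) throws Exception {
        String repo = "client_repo";                       // contains modules/rampart-1.1.mar and conf/axis2.xml
        String policyFile = repo + "/conf/policy.xml";     // the policy document for this service
        String endpoint = "http://localhost:8080/axis2/services/SecureService";

        // A repository-backed ConfigurationContext is needed so that the rampart module can be found.
        ConfigurationContext ctx = ConfigurationContextFactory
                .createConfigurationContextFromFileSystem(repo, repo + "/conf/axis2.xml");
        ServiceClient client = new ServiceClient(ctx, null);

        // Build the Policy object from policy.xml, as in the snippet above.
        StAXOMBuilder builder = new StAXOMBuilder(policyFile);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

        Options options = new Options();
        options.setTo(new EndpointReference(endpoint));
        options.setAction("urn:echo");                     // assumed WS-Addressing action of the operation
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
        client.setOptions(options);

        // Engaging the module is what inserts the Rampart handlers into the client's flows.
        // Alternatively put <module ref="rampart"/> into the client repository's axis2.xml.
        client.engageModule(new QName("rampart"));

        OMElement response = client.sendReceive(buildPayload("Hello Rampart"));
        System.out.println(response);
    }

    /** Builds the request payload; the namespace and element names are assumed. */
    private static OMElement buildPayload(String text) {
        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMNamespace ns = factory.createOMNamespace("http://example.org/echo", "ex");
        OMElement echo = factory.createOMElement("echo", ns);
        OMElement param = factory.createOMElement("param0", ns);
        param.setText(text);
        echo.addChild(param);
        return echo;
    }
}
```

A quick check that the policy is actually applied is to capture the wire traffic (for example with the tcpmon tool that ships with Axis2) and confirm that the outgoing envelope carries a wsse:Security header with a Timestamp, a Signature and an EncryptedData element in place of the plain Body.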
Rampart-1.0 configuration
The Rampart module uses two parameters: OutflowSecurity and InflowSecurity.
OutflowSecurity parameter:
This parameter configures the outflow security handler. The outflow handler can be invoked more than once within a single outflow, and a configuration can be provided for each invocation; an "action" element describes one such configuration. The OutflowSecurity parameter can therefore contain several 'action' elements. Schema of the 'action' element: http://ws.apache.org/axis2/modules/rampart/1_1/sec-conf/out-action.xsd
Adding a timestamp to the outflow: http://ws.apache.org/axis2/modules/rampart/1_1/security-module.html#ex1. Signing and encrypting the message: http://ws.apache.org/axis2/modules/rampart/1_1/security-module.html#ex1. Signing the message twice by chaining outflow handlers (two 'action' elements): http://ws.apache.org/axis2/modules/rampart/1_1/security-module.html#ex1
The elements that may appear inside an 'action' element of the OutflowSecurity parameter:
Parameter | Description | Example
items | Security actions for the outflow | Add a Timestamp, sign the SOAP Body and encrypt the SOAP Body
user | The user's name | Set the alias of the key to be used to sign
passwordCallbackClass | Callback class used to provide the password required to create the UsernameToken or to sign the message | <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
signaturePropFile | Property file used to get the signature parameters such as crypto provider, keystore and its password | Set example.properties as the signature property file
signatureKeyIdentifier | Key identifier used to refer to the key in the signature | Use the issuer and serial number of the certificate
encryptionKeyIdentifier | Key identifier used to refer to the key in encryption | Use the issuer and serial number of the certificate
encryptionUser | The user's name for encryption (the keystore alias of the recipient's certificate) |
encryptionSymAlgorithm | Symmetric algorithm to be used for encryption | Use AES-128
encryptionKeyTransportAlgorithm | Key transport (key encryption) algorithm | Use RSA-OAEP
signatureParts | Sign multiple parts of the SOAP message | Sign the Foo and Bar elements qualified by "http://app.ns/ns"
optimizeParts | MTOM-optimize the elements selected by the XPath expression | Optimize the CipherValue
InflowSecurity parameter
This parameter configures the inflow security handler. It also uses an 'action' element to wrap the configuration elements. http://ws.apache.org/axis2/modules/rampart/1_1/security-module.html#ex3 shows a configuration that decrypts the message, verifies the signature and validates the timestamp.
Parameter | Description | Example
items | Security actions for the inflow | Decrypt the incoming message first, then verify the signatures, then check that a Timestamp is present
passwordCallbackClass | Callback class used to obtain the password for decryption and UsernameToken verification |
signaturePropFile | Property file used for signature verification |
decryptionPropFile | Property file used for decryption |
Note that the '.properties' files referred to by properties such as signaturePropFile are the same property files used by the WSS4J project. The following shows how the properties are defined in such a file:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=
org.apache.ws.security.crypto.merlin.alias.password=security
org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
org.apache.ws.security.crypto.provider defines the implementation of the org.apache.ws.security.components.crypto.Crypto interface to provide the crypto information required by WSS4J. The other properties defined are the configuration properties used by the implementation class (org.apache.ws.security.components.crypto.Merlin).
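The property file above unlocks the keystore; the password for the individual private key (and the password for a UsernameToken) is supplied at runtime by the class named in passwordCallbackClass. The following handler is an added example for this page, not a class that ships with Rampart or WSS4J. It assumes the WSS4J 1.5 generation that Rampart 1.1 uses, in particular that the identifier accessor is spelled getIdentifer() and that for a plain-text UsernameToken WSS4J hands the received password to the handler (usage USERNAME_TOKEN_UNKNOWN) and relies on the handler to reject a mismatch; the credentials in the map are constructed placeholders.

```java
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/** Added example password callback for Rampart/WSS4J; not part of the original page. */
public class PWCBHandler implements CallbackHandler {

    // Constructed sample credentials keyed by identifier (key alias or UsernameToken user).
    // In a real deployment read these from a secret store rather than compiling them in.
    private static final Map<String, String> PASSWORDS = new HashMap<String, String>();
    static {
        PASSWORDS.put("alice", "alicePassword"); // private key alias -> key password
        PASSWORDS.put("bob", "bobPassword");     // UsernameToken user -> password
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized callback");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifer(); // sic: method name in WSS4J 1.5 (assumption, see lead-in)
            String stored = PASSWORDS.get(id);
            if (stored == null) {
                throw new UnsupportedCallbackException(pwcb, "Unknown identifier: " + id);
            }
            switch (pwcb.getUsage()) {
                case WSPasswordCallback.SIGNATURE:      // password of the signing key
                case WSPasswordCallback.DECRYPT:        // password of the decryption key
                case WSPasswordCallback.USERNAME_TOKEN: // digest token: WSS4J computes and compares the digest
                    pwcb.setPassword(stored);
                    break;
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                    // Plain-text token: the received password is in the callback and this handler
                    // must do the comparison itself (assumed WSS4J 1.5 behaviour).
                    if (!constantTimeEquals(stored, pwcb.getPassword())) {
                        throw new UnsupportedCallbackException(pwcb, "Authentication failed for " + id);
                    }
                    break;
                default:
                    throw new UnsupportedCallbackException(pwcb, "Unsupported usage " + pwcb.getUsage());
            }
        }
    }

    /** Compares two strings without leaking where they first differ through timing. */
    static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) {
            return false;
        }
        byte[] x = a.getBytes(Charset.forName("UTF-8"));
        byte[] y = b.getBytes(Charset.forName("UTF-8"));
        int diff = x.length ^ y.length;
        for (int i = 0; i < x.length && i < y.length; i++) {
            diff |= x[i] ^ y[i];
        }
        return diff == 0;
    }
}
```

Because this class is named in a configuration file and loaded by the container, a typo in passwordCallbackClass surfaces only at the first secured message, as a fault from the handler; test the engaged service with one signed request before relying on it.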